<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<?php
//1.验证cookie
//2.得到post参数,看是否完整正确
//3.写到DB中



include_once("../common.php");
//1.验证cookie
include "opDB.php";
$findflag = false;
$userid_post = NULL;
if (isset($_COOKIE['pgv_pvi'])){
	$ckuser = $_COOKIE['pgv_pvi'];
	
	$realUserId = getRealUserId($ckuser);

	if($realUserId != false){
		$user_sql = 'SELECT * FROM `user` WHERE `realUserId` = \''.$realUserId.'\' LIMIT 0, 1 ';
		$result = mysql_query($user_sql);	
		if($result != false){
			$row = mysql_fetch_array($result);
			$userid_post = $row['userId'];//发串回串用的ID

			$findflag = true;
		}
	}
}

if(!$findflag){
	echo "<h1>没有授权</h1>";//TODO:没cookie页面	
	mysql_close($con);
	return;
}

//2.得到post参数,看是否完整正确 

$content = isset($_POST['content'])?htmlspecialchars($_POST['content']):false;
$tid = isset($_POST['tid'])?$_POST['tid']:false;
if(!$content || !$tid){
	echo "<h1>404</h1>";//TODO:404页面	
	mysql_close($con);
	return;
}
$title = isset($_POST['name'])?htmlspecialchars($_POST['name']):"无名氏";
if($title == NULL){
	$title = "无名氏";
}

//找出tId和rId中最大的数值,增加一个偏移量即可
$result = mysql_query('SELECT `tId` FROM `thread` ORDER BY `tId` DESC LIMIT 0,1');
$row = mysql_fetch_array($result);
$curMaxId = intval($row['tId']);
$result = mysql_query('SELECT `rId` FROM `reply` ORDER BY `rId` DESC LIMIT 0,1');
$row = mysql_fetch_array($result);
$curMaxId = max($curMaxId,intval($row['rId']));
$rid = $curMaxId + 2;

//处理上传的图片
$picAddr = htmlspecialchars(saveUploadFile("upfile"));
//3.写到DB中
//先对数据进行转义过滤
$content = mysql_escape_string($content);
$title = mysql_escape_string($title);

$postReply_sql = 'INSERT INTO `reply` (`rId`, `userId`, `content`, `postTime`, `tId`, `delFlag`, `title`, `postName`,`picAddr`) VALUES ("'.$rid.'", "'.$userid_post.'", "'.$content.'", CURRENT_TIMESTAMP, "'.$tid.'", "0", "无标题","'.$title.'","'.$picAddr.'")';//此处title被取消了
mysql_query($postReply_sql);

//更新串的updateTime,直接采用NOW(),误差不大,节省一次查表的时间
$updateTime_sql = 'UPDATE `thread` SET `updateTime` = NOW() WHERE `tId`='.$tid;
mysql_query($updateTime_sql);

mysql_close($con);
echo "<h1>(～￣▽￣)～ 发表成功</h1><br/>";

//返回
$board_id = get_POSTInt('board_id',0);
$pageNo = get_POSTInt('pageNo',0);
//echo '$pageNo:'.$pageNo;
echo '您将在2秒后返回......<br />';
echo '<meta http-equiv="Refresh" content="1;url=showThread.php?board_id='.$board_id.'&pageNo='.$pageNo.'&tid='.$tid.'">';
echo '如果未返回,请点这里';
echo '<a href="showThread.php?board_id='.$board_id.'&pageNo='.$pageNo.'&tid='.$tid.'">返回</a>';
?>